Traditional defenses such as firewalls, security protocols, and encryption sometimes fail to stop attackers determined to access and compromise data. This course provides the fundamental skills to handle and respond to those computer security incidents by teaching the underlying principles and techniques for detecting and responding to current and emerging computer security threats. Students learn how to handle different types of incidents, risk assessment methodologies, and various laws and policies related to incident handling. This course is backed by EC-Council’s Certified Incident Handler (ECIH) exam.
- Information Security and Incident Categories: The graduate identifies key concepts of information security and incident categories.
- Risk Assessment: The graduate applies NIST’s risk assessment methodology to conduct IT risk assessment.
- Incident Response and Handling Steps: The graduate describes steps in incident response and handling procedures.
- CSIRT: The graduate defines the purpose, protocol, and functions of a Computer Security Incident Response Team (CSIRT).
- Handling Network Security Incidents: The graduate describes security incident types and procedures for handling them.
- Handling Insider Threats: The graduate describes steps in detecting and preventing insider threats.
- Forensic Analysis and Incident Response: The graduate describes the role of forensic analysis in an incident response and prevention plan.
- Incident Reporting: The graduate describes the purpose, key elements, and procedure for creating an incident report.
- Incident Recovery and Continuity Planning: The graduate describes the principles of incident recovery and continuity planning in order to evaluate business impact.
- Security Policies and Laws: The graduate distinguishes the purpose and elements of a security policy in order to comply with the laws and regulations related to handling a security incident.
EC-Council. (2017). Certified Incident Handler, Volume 1, Version 1. Tampa, FL: EC-Council Academia.
The Cyber Defense and Countermeasures course focuses on a structured approach for performing the incident handling and response (IH&R) process. Successfully completing this course means passing EC-Council’s Certified Incident Handler (ECIH) exam.